PowerShell tools to help defenders hunt smarter, hunt harder.

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

LC（List Cloud）是一个多云攻击面资产梳理工具

Password list generator for password spraying - prebaked with goodies

A cheat sheet that contains advanced queries for SQL Injection of all types.

Python API client for AI providers that intends to replace LangChain and LangGraph for most common use cases.

🦊 Anti-detect browser

This repository showcases various advanced techniques for Retrieval-Augmented Generation (RAG) systems. RAG systems combine information retrieval with generative models to provide accurate and cont…

IntelOwl: manage your Threat Intelligence at scale

🕵️‍♂️ Offensive Google framework.

🐙 Track down GitHub users.

a drop-in replacement for Nmap powered by shodan.io

Zimbra - Remote Command Execution (CVE-2024-45519)

SilentEye is a cross-platform application design for an easy use of steganography

Weaponizing for privileged file writes bugs with windows problem reporting

StandIn is a small .NET35/45 AD post-exploitation toolkit

Tool for Active Directory Certificate Services enumeration and abuse

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

generate payloads that force authentication against an attacker machine

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester c…

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

A light-weight first-stage C2 implant written in Nim (and Rust).

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

Simple (relatively) things allowing you to dig a bit deeper than usual.

Self contained htaccess shells and attacks

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

A golang utility to spider through a website searching for additional links.